----- Original Message ----- 
From: "Mike Brodbelt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:28 AM
Subject: [Clamav-users] New variant Bagle not being detected?


> Hi,
>
> I got a suspicious mail this morning which looked very like a virus, and
> I'm now receiving reports from a neighbouring institution that they are
> getting hit with the same thing. It is rumored to be a new variant of
> Bagle, though nothing I have picks it up yet.
>
> The mail goes something like this:-
>
> ================================
> Dear user of acu.ac.uk,
>
> We have received reports that your e-mail account was used to send a
> huge amount of junk e-mail messages during this week.
> Most likely, your computer was infected and now runs a trojaned proxy
> server.
>
> Please follow the instruction in order to keep your computer safe.
>
> Sincerely yours,
> The acu.ac.uk support team."
> ================================
>
> It also contains an attached zip file, which contains a file named
> amcluv.htm(lots of embedded nulls).com
>
> The neighbouring institution had their domain in the mail, instead of
> mine, so the virus appears to be attempting a bit of social engineering.
> Also, the from address was forged to be from MAILER-DAEMON at my domain.
>
> Has anyone else seen this?
Yep, we have!

I provided samples via the web site too.  Perhaps it's already being worked
on?

> I've submitted it to the ClamAV database, and
> received a "thank you" note, telling me the submission has not been
> added, and giving no information as to why not, which is less helpful

I thought the exact same thing.  I presume an update is forthcoming.

> than I'd have hoped... The online scanner does not currently pick it up.
> Is there a way I can manually extract a signature to add to my local
> database, if ClamAV won't do it?
Yep, see signatures.pdf  (or get it from the support documentation of
clamav's web site if you didn't already have it)

-Troy

>
> Mike.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>


